I’m seriously hoping we go over airgaps and compartmentalization, because they are the true implementation of write up, read down. You gave a very dangerous idea that privileged information can be held on a system that processes unprivileged information. What you should do is keep them all in different systems that are physically separate from each other. The only way you can send information from a less privileged system to a higher level is to cross a physical air gap between machines.
Compartmentalization is just a fancy way to say keeping information available to those that need to know it. A CFO would certainly need access to a business's finance information, but even if he has a high level of access, there is no reason that he should have access to the R and D information.
Still an admirable job for something so broad as “security” you boiled down several months of training into less than 15 minutes. You get my “eh close enough” seal of approval!
Important note: chip-and-PIN credit cards are a now-ubiquitous example of two-factor authentication! It verifies what you have (the card with the chip) and what you know (your PIN). Of course, most chip-and-PIN readers will, if they fail to properly read the chip, revert back to letting you swipe the card again and using it without the chip. And that's a problem: if someone can copy the magnetic stripe on your card, say with a skimmer, then they can easily create a chip-and-PIN card with an intentionally damaged chip, letting them spoof your card and thus remove the "what you have" authentication step. Instant vulnerability. Luckily, it's basically impossible to copy your magnetic stripe if you never swipe your card, so using the chip all the time can prevent such an attack from happening. On the other hand, at least at my job, the card readers fail to read chips properly about 25% of the time, and that means quite a lot of people still end up swiping their card. If these readers are representative of the majority of readers in the world, then that is a serious flaw in the system that needs to be fixed.
I've been studying computer science for 3 years now and I was always interested in the security aspect of it, but there is something that bothers me. When I ask for guidance (both on the internet and in real life) people happily point me to proper learning material, except when I ask things related to security. For example, if I say something like "I want to learn graphics design." or "I'm interested in programming" I get "Sure, here's dozens of websites/courses/books..." but the moment I say "I want to write self-modifying software" or "I want to learn reverse engineering" people start acting like they saw a ghost and instead of helping me they go "Why do you want to learn that?". Even when I look for courses online they teach you how to use existing hacking/pentesting software and give examples of exploits that went obsolete 10 years ago and have nothing to do with current systems. That's not what I want, I want to learn how those tools operate under the hood and be able to write one from scratch if I want to. I want to see behind the curtain and manipulate what's happening below the user level.
Jack F, good luck.. I think computer and human have different language. We can only understand in abstraction. Maybe you want to look into open source processor like RISC V.
Thanks so much, I'm only 13 and this interests me so much! I went to a cyber security competition a few weeks back and it was amazing! I placed 2nd place w/ only a little background knowledge that I learned from coding in various languages/reverse engineering a lot over the years! 🙂😀😀
Good episode! Would be nice to hear an indictment of modern operating systems (especially Windows) that were designed in pretty much the least secure way possible.
Only a couple of minutes in but isn't one of the biggest issues of cyberinsecurity rushed, or even panicked driven by greed and speed, implementation. Cyber security is a big issue because cyber *insecurity* is a big issue.
Biometrics are not good authentication. Not only can fingerprints, retina patterns, etc., be duplicated, but computers only read 1's and 0's and the biometric readers are fairly simple in their conversion. It would be fairly simple to duplicate their output once the make and model of the reader is known... which is easily figured out if you can get the MAC address of the reader...
Why didn't you use the CISSP standard definitions for confidentiality, integrity, and availability? Integrity is less about the authorized person accessing the data, and more about the data itself being complete or whole.
1:50 “that shows who your enemy is.” *shows a little girl on her computer*
A formidable foe.
She stole a bunch of info about me I'm not proud of and some disgusting info I am proud of.
Please enter your new password:
"cabbage"
Sorry, the password must be more than 8 characters.
"boiled cabbage"
Sorry, the password must contain 1 numerical character.
"1 boiled cabbage"
Sorry, the password cannot have blank spaces.
"50bloodyboiledcabbages"
Sorry, the password must contain at least one upper case character.
"50BLOODYboiledcabbages"
Sorry, the password cannot use more than one upper case character consecutively.
"50BloodyBoiledCabbagesShovedUpYourArse,IfYouDon'tGiveMeAccessnow"
Sorry, the password cannot contain punctuation.
"ReallyPissedOff50BloodyBoiledCabbagesShovedUpYourArseIfYouDontGiveMeAccessnow"
Sorry, that password is already in use.
thanks. been a while since I had a belly cramp laughing.
Thanks for making me read all that 😂
That was hilarious!
LMAO 🤣 crying😂😂😂😂😂😂🤣😅
RaymondHng that is everything
I learned the same things in an 8-hour online course. Truly a Crash Course
Remember to change your face every 90 days to prevent hackers from getting into your account.
my face already includes at least one symbol, at least one upper case letter and at least one number
Meanwhile in a plastic surgeon...
That's only if you used facial recognition (which is biometric) as the authentication mechanism. Just simply use long passwords.
One thing I would like to see stressed is that two-factor authentication has to ask for two *different types* of authentication. Asking for a password _and_ a PIN is still only one-factor, because they are both things that you have remembered (or written down), so if someone has got hold of your password file they can enter one, two or twenty passwords correctly - asking for more than one doesn't stop them. This was something that online banking got very wrong for quite some time, although most banks seem to have got it sorted out now.
You're killing me with the "I'd take it ALL" ATM comment. I'm sitting here dying!
As a "cybersecurity"† professional, this is an excellent episode. Well written, well delivered. Just the right amount of detail for a "class," while not being so over-simplified to be actually wrong. (I see that too often, newspaper articles, TV news segments that oversimplify to the point that what they say is wrong, not just "simplified.")
†I freaking *HATE* the word/prefix "cyber".
Anonymous Freak Yes, it sounds cheesy, and used to refer to something else...
How did you get your first job and what do you recommend learning for Cyber security
i work as a senior cybersec engineer in incident response and threat intelligence. love it!
This is a great video. Explains the topic enough so that non-technical people understand the threats and how to mitigate them. Great job!
This video is bologna, if people don't click on random links in their emails, how will I ever give away my millions?
Lololol
I laughed way more than I should have
dude thats racist
Seeing as this account is a satirical parody of the Nigerian prince email spams, it is not racist as it is just a reference to an actual occurrence.
Even so, if there was no such thing as the Nigerian Prince email spam (which there still very much is lmao) the only adjective this account title uses is Nigerian, which describes one's place of origin or citizenship. If anything this account is nationalist, not racist.
In conclusion, you have incorrectly analyzed the process and purpose I use to deliver humor in my comments and will not be receiving my hoarded millions of dollars.
Gabriel Agbese you got rekt dude
Using this to prep myself for a Master's in Cybersecurity. This broke down everything way better than most of the material I have read.
Just love going back from time to time to watch some of this amazing course episodes!
Fun fact: At 55,000 views there's a 99.59% chance she guessed someone's pin.
Assuming that people's PINs are evenly and randomly distributed.
1 - (9999/10000)^55000
I love math.
Nice one XD
And assuming everyone has viewed it only once.
The thing is though, 2580 is a straight line down the keypad and we all know everyone hates straight lines
Going into Cybersecurity and this is so cool
Password requirements aren't more secure in practice - consider the two following passwords: "Passw0rd!" or "da-ba-dee-ba-doo". The second is much more secure, as the only feasible way to guess the password is brute force with letters and symbols, and most likely numbers too, but doesn't have digits nor capital letters. The first can be cracked using a dictionary attack with mutation.
I work in security and I approve this message. Excellent video!
Spot on with everything. I really enjoy the series! I have a pretty decent amount of experience with IT stuff, but I still manage to learn at least one new bit of info with every video. :D
That's amazing! I've got the same combination on my luggage!
May the Schwartz be with you.
It is a guilty pleasure every time Carrieanne says "doobalidoo".
Carrie Anne keep it real. No access to ATMs or she'll take all of it xD
that ceramic cat collection doesn't buy itself XD
I wonder why nobody in these videos ever mentions the possibility to use words from different languages. It increases the possible combinations even more! :D
I do that all the time, I really stopped using English anymore lmao
I was going to make a comment about password length vs diversity of characters. Rainbow tables let me crack anything less than 14 characters really easy but anything more gets weird.
One method I used to use was take a Chinese word, change the diphthongs to produce many different words and then string them all together in English. Easy for me to remember but really hard for a computer to guess.
Like house horse mother. You go over the rainbow tables. Yep go look it up. It does not require a bunch of hard to remember special characters and numbers.
One of my fun games at work is just repeating the same thing in as many languages as I can think of at the time. But sequential translations get weird.
My favorite pattern is English, Spanish, German. Add slang and it gets weird really fast
Long list, English, Spanish, (Taino if Puerto Rican), Portuguese, French, Romanian [short story later], German, Swedish, Dutch, Arabic (Burbur if they are Moroccan, like Ara means give me in Arabic but write or sign your name in Burbur), Uzbeki, Turkish, then Russian and then Polish.
It makes sense in my head, don't judge me. I was telling a joke to a Puerto Rican woman last year and she stopped me in the intro telling me she knew Taino and knew what the word meant. It was a play on words. The only time that joke has failed me.
Two points on Romanian. The first was a woman on her phone who just could not be bothered to get off her phone. So I said something to her in Russian.
She was like why are you talking to me in Russian, and I was like because you are not paying attention to me in English and my Romanian is poor.
The second was a Romanian woman who would not get off her phone. So I got annoyed and started talking to her mother who was born in Romania.
The mother then spent the next two minutes berating her daughter for not knowing how to pronounce words correctly in Romanian.
Jewish mothers...
I will try that method.
1, 2, 3, 4, 5? That's amazing! I've got the same combination on my luggage!
A 12 minute long course this really is a crash course!
Confidentiality - data that only authorised people can read
Integrity - data that only authorised people can modify
Availability - data which authorised people should have access to
Almost. The last one is simply Authorization. Availability refers to the "ability to access data when we need it".
The Parkerian hexad, although considered to be a more complete model, is not widely known as the CIA triad. It consists of: Confidentiality, Integrity, Availability, Possession, Authenticity, and Utility.
Possession - physical disposition of media on which data is stored in.
Authenticity - data that can be properly attributed to the owner/creator.
Utility - data that is useful depending on content and format.
I appreciate these videos so much! I've learned enough to know that I want to learn more -- and I'm hoping to get Security+ certified next year!
Amy Jay good luck, Amy! Security+ was my first certification and it's a great starting point.
Some military jobs make us get the very in only 9 days of education with no experience. Often we have to test a couple times, but it's doable. The 501 version is gunna be killer though, so study up!
Briana Pierce haha. That sounds like learn to code in one weekend. Why even bother to study software engineering if you can learn that in one weekend or becoming a security consultant in 9 days. You gotta be kidding me.
I'm doin dat! I'm also getting Net+ and I already have my A+
Well, we manage to successfully do our jobs. Don't get me wrong, some people never make it through. But if you find the time we get amusing, you should realize that we take the exact same test as you, get the exact same cert, and do our jobs effectively.
Thanks for making these videos. I'm on my way to becoming A+ certified and cross reference a lot of the things you illustrate
leogomez4u skip it, read the books get hands on, grab your network+, ccna, security +, even an MCSA. A + knowledge is great but the cert isn’t worth the money.
Don't listen to them, A+ is your concrete to your house, network+, and Sec+, and etc are the walls and the roofs.
Actually Net+ is your concrete, walls and roof with Windows and doors while Security+ is your fence. The more experience with Security+ the higher the fence. A+ would be more like building the shed in the back. Nice to have but not important enough to live in or off (the cert).
FINALLY!!!! The reason why I watch this!
I am Brazilian and I love your videos. Thank you.
I'm interested in psychology, tech, and bio. Y not combine the three and go into comp systems to research the "brain" and artificial intelligence of computers?! That's how I got here :). I've recently discovered the (huge and overwhelming) world of cyber tech but as a Russian speaking blond 5' girl, I think it would be cool to get a job in this field. I'm 14 and new to this but it's super interesting and these vids help
Is that a Spy Kids _and_ a Ben 10 reference in the thumbnail!? Respect.
_Mit_Whit _Gaming_ though it’s a really weird one because one's from the most disliked 3rd film Spy Kids 3d and the other is from Omniverse
Jepersprepur IKR?! 😂
_Mit_Whit _Gaming_ mmmhmmm
Now I'm sad I didn't get the Ben 10 reference
_Mit_Whit _Gaming_ The actual name of the black and red humanoid in 9:18 is actually "Malware", a villain from Ben 10: Omniverse, they might have used the character since Malware is a best symbol for the error
I love this series. Thank you for all your hard work.
very noice video
Correct Horse Battery Staple
Hunter2
"Lil' Bobby tables we call him...i hope you learned to sanitize your database inputs."
funny, go change your password now
That's actually a bad password.
"Cyber Security is like the Jedi Order trying to bring Peace and Justice to the Cyberverse" *Decides to go back to school and study Cyber Security*
I receive so many calls indicating "I'm with your computer security and your computer has been compromised, I am looking at your computer security systems and we need to fix it right away" I call BS and almost always the line goes dead. Can even the companies that are legitimate see into your computer without your knowledge?
I would like to make a subtle yet important distinction
ALLOWING the option to use 9 or more capital and lowercase, adding symbols, spaces and numbers, makes the number of possible passwords increase and is therefore more secure
REQUIRING a password to contain those things to be valid lowers the number, making passwords less secure, harder to remember and more annoying to create, and encourages users to have the same password for multiple accounts (don't do that)
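The allow-versus-require distinction in the comment above can be counted exactly. The following is an added example, not part of the original comments; it assumes the 95 printable ASCII characters split into four disjoint classes and passwords drawn uniformly at random, and all function names are illustrative.

```python
"""Count how a composition rule changes the password search space.

Added illustration: the character classes and lengths are assumptions.
"""
from itertools import combinations, product
from math import log2
import string

# Assumed alphabet: the 95 printable ASCII characters in four disjoint
# classes (space is counted as a symbol).
CLASSES = {
    "lower": string.ascii_lowercase,     # 26
    "upper": string.ascii_uppercase,     # 26
    "digit": string.digits,              # 10
    "symbol": string.punctuation + " ",  # 33
}


def count_allowed(length, classes=CLASSES):
    """Passwords of `length` when every class is allowed but none is required."""
    return sum(len(chars) for chars in classes.values()) ** length


def count_required(length, classes=CLASSES):
    """Passwords of `length` containing at least one character of every class.

    Inclusion-exclusion: start from all strings, subtract those missing one
    class, add back those missing two classes, and so on.
    """
    sizes = [len(chars) for chars in classes.values()]
    total = sum(sizes)
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            count += (-1) ** k * (total - sum(missing)) ** length
    return count


def count_required_bruteforce(length, classes):
    """Same count by enumeration, as a cross-check; only for tiny alphabets."""
    alphabet = "".join(classes.values())
    return sum(
        all(any(ch in chars for ch in candidate) for chars in classes.values())
        for candidate in product(alphabet, repeat=length)
    )


def bits_lost(length, classes=CLASSES):
    """Bits of search space removed from a uniformly random password by the rule."""
    return log2(count_allowed(length, classes)) - log2(count_required(length, classes))


if __name__ == "__main__":
    for n in (8, 12, 16):
        print(n, count_allowed(n), count_required(n), round(bits_lost(n), 3))
```

Under these assumptions the requirement removes a little over one bit at length 8 and less as passwords get longer. The count covers only the size of the search space, not how people pick passwords when a rule forces their hand.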
Open source for security is a topic that came up for our (Germany) election software, because the old one was hidden and faulty, could be a right step imo.
Alternately (though I don't know how well this works in a federal system with different layers of elections), just use pencil and paper for voting like the Brits do.
Pen is better in this case since pencil writing can be erased.
if the topic is security... how is pen and paper more secure than Open source?
I was comparing pen to pencil.
my bad. I should have clarified I was referring to Andrew Farrell
If you ever see a system either show you your password or say you can't have a password longer than 16 characters, you know that site isn't storing your password securely.
If you are implementing a system to check a user's password it is important not to store the password itself but instead when the user sets their password:
1) Generate a random string and stick it at the end of the password (called a 'salt')
2) Run the password+salt through a 1-way hash function like bcrypt
3) Store both the salt and the hashed+salted password in your database.
Then, when your user goes to log in, read the salt from the database, add it to the login, run it through bcrypt and check if it matches the hashed+salted password.
Even better, rely on someone else who knows what they are doing to do it for you. Even the experts get this stuff wrong from time to time and you're not an expert. Use a well known, heavily tested and actively updated library for anything security related. If you're doing anything other than something like library.storepassword(username, password) and library.startsession(username, password), you're probably doing something wrong.
Exactly right, though you'll need to know how things work at the layer of abstraction I described to know what to look for in a library.
Don't roll crypto yourself except for fun & practice.
>or say you can't have a password longer than 16 characters
Some companies do this for customer support reasons. They do a check on the string they're sent _prior_ to running the hash on it, so it can still be done securely. But longer passwords are more likely to be forgotten, so some large organisations might choose to restrict password length to reduce the burden on their customer support lines.
If they can send you your password upon request though. Yeah, that's completely indefensible. They _might_ be able to email you your password immediately after you first set it (although that is a terrible idea because email is a terribly insecure protocol) without compromising database security, but at any other point they should not have access to your plaintext password.
@Jim Cullen you're right. It's a signal that they're storing the password, but not actually a guarantee.
But really what they should do to accomplish their goal is actively suggest passphrases. But people are often silly.
I wish more companies would encourage using password managers. Passphrases are okay, but they're nowhere near as good as an equally long pseudo-random password. And if they form sensible sentence structures (as opposed to being completely randomly chosen words), passphrases are even worse.
Using good 2FA (*not* SMS-based 2FA) on more sites would also be nice.
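The salt, hash, store and verify steps from this thread, together with the length check done before hashing that a reply mentions, as an added example that is not part of the original comments. PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt, and the KDF takes the salt as its own parameter instead of appending it to the password. The record format, iteration count and length bound are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"   # stand-in for bcrypt, which is not in the stdlib
ITERATIONS = 600_000          # assumed work factor; tune for your hardware
SALT_BYTES = 16
MAX_PASSWORD_CHARS = 1024     # assumed generous bound, checked before hashing


def _derive(password, salt, iterations):
    """Slow one-way function: the password never leaves this call in the clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password, iterations=ITERATIONS):
    """Steps 1-3: fresh random salt, slow hash, one storable record string."""
    if not 0 < len(password) <= MAX_PASSWORD_CHARS:
        raise ValueError("password length out of bounds")
    salt = secrets.token_bytes(SALT_BYTES)
    digest = _derive(password, salt, iterations)
    fields = [ALGORITHM, str(iterations),
              base64.b64encode(salt).decode(), base64.b64encode(digest).decode()]
    return "$".join(fields)


def verify_password(password, record):
    """Login: re-derive with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # malformed record (binascii.Error is a ValueError)
        return False
    if algorithm != ALGORITHM or iterations < 1:
        return False
    if not 0 < len(password) <= MAX_PASSWORD_CHARS:
        return False
    return hmac.compare_digest(_derive(password, salt, iterations), expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True when a stored record is malformed or uses a weaker work factor."""
    try:
        algorithm, stored_iterations, _, _ = record.split("$")
        return algorithm != ALGORITHM or int(stored_iterations) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample input
    record = hash_password(sample)
    print(record)                                   # what the database stores
    print(verify_password(sample, record))          # True
    print(verify_password("Tr0ub4dor&3", record))   # False
```

Because the stored record holds only the salt and the digest, the service cannot show or email the password later, which is the signal the first comment in this thread describes.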
I'm majoring in this starting next year!!!
tcbobb16 tcb Illinois State
How’s it going so far
Updates, please don't drop out
4:08 you have to remember, it doesn't just have to generate those numbers, it also has to enter them in, for example even python, a really freaking slow language, can count from 0 to 10000 in 0.0009965896606445312 seconds, pretty freaking fast! But if you want python to print each individual number, it will take about 4.403296709060669 seconds, although entering the numbers might not take as long as printing each one, it would still take at least a second
i LOVE CARRIE ANN HER REFERENCES ARE SO COOL FROM GAMING TO PETS TO MOVIES EVERYTHING!!!!!!!!!!!!!!
2:24 Oh, that's what _safe mode_ means
This series is so great I can even forgive Carrie-Anne's, 'tongue down the back of Green Bros. trousers' comment at 5:19.
This video is incredible! Thank you so much!
Hi, I appreciate you. I needed the information you gave as an SEO and digital marketing specialist. I did not come across a channel or person who described terms like Internet, TCIP as simply as you. Thanks again...
Whose PIN was 2580?
Not me. Nope. Certainly not.
12345?? That's amazing, I've got the same combination on my luggage!!!
microbuilder spaceballs ;)
of course...I think any time a combination is mentioned, all SB fans ears perk up lol
Some idoit on the internet that’s such a coincidence, mine was too! What platform were you using?
-Jimmy Nottahakker
I was wondering how you would do this in one short video... Not bad!
I’m seriously hoping we go over airgaps and compartmentalization, because they are the true implementation of write up, read down. You gave a very dangerous idea that privileged information can be held on a system that processes unprivileged information. What you should do is keep them all in different systems that are physically separate from each other. The only way you can send information from a less privileged system to a higher level is to cross a physical air gap between machines.
Compartmentalization is just a fancy way to say keeping information available to those that need to know it. A CFO would certainly need access to a business's finance information, but even if he has a high level of access, there is no reason that he should have access to the R and D information.
Still an admirable job for something so broad as “security” you boiled down several months of training into less than 15 minutes. You get my “eh close enough” seal of approval!
I love her enthusiasm
My new password is Ceramic_cat_figurines. Ooops, maybe not. Another great episode. Thanks!
The biggest flaw of a security system is human, and hackers always compromise humans first because humans are the most vulnerable
In the context of cybersecurity, this is known as the human factor. Human element will always be the weak link in security (e.g. social engineering).
Important note: chip-and-PIN credit cards are a now-ubiquitous example of two-factor authentication! It verifies what you have (the card with the chip) and what you know (your PIN).
Of course, most chip-and-PIN readers will, if they fail to properly read the chip, revert back to letting you swipe the card again and using it without the chip. And that's a problem: if someone can copy the magnetic stripe on your card, say with a skimmer, then they can easily create a chip-and-PIN card with an intentionally damaged chip, letting them spoof your card and thus remove the "what you have" authentication step. Instant vulnerability.
Luckily, it's basically impossible to copy your magnetic stripe if you never swipe your card, so using the chip all the time can prevent such an attack from happening. On the other hand, at least at my job, the card readers fail to read chips properly about 25% of the time, and that means quite a lot of people still end up swiping their card. If these readers are representative of the majority of readers in the world, then that is a serious flaw in the system that needs to be fixed.
This is a great video, it's more difficult to do these animated vids than to just have a talking head spitting a script. Nice job guys
I wish the schools around me make this a BS major. But they're only MA thus far. I'm going to try the MA program.
xBroken_Truths Travel to a good school. You only establish yourself as an adult(go to college) once, make it count.
I've been studying computer science for 3 years now and I was always interested in the security aspect of it, but there is something that bothers me. When I ask for guidance (both on the internet and in real life) people happily point me to proper learning material, except when I ask things related to security. For example, if I say something like "I want to learn graphics design." or "I'm interested in programming" I get "Sure, here's dozens of websites/courses/books..." but the moment I say "I want to write self-modifying software" or "I want to learn reverse engineering" people start acting like they saw a ghost and instead of helping me they go "Why do you want to learn that?". Even when I look for courses online they teach you how to use existing hacking/pentesting software and give examples of exploits that went obsolete 10 years ago and have nothing to do with current systems. That's not what I want, I want to learn how those tools operate under the hood and be able to write one from scratch if I want to. I want to see behind the curtain and manipulate what's happening below the user level.
Jack F, good luck..
I think computer and human have different language. We can only understand in abstraction. Maybe you want to look into open source processor like RISC V.
Thanks so much, I'm only 13 and this interests me so much! I went to a cyber security competition a few weeks back and it was amazing! I placed 2nd place w/ only a little background knowledge that I learned from coding in various languages/reverse engineering a lot over the years! 🙂😀😀
Congrats! Follow your dream Dargon, Remember, The only thing you need is passion and curiosity!!!
Thijs Vandaele True!! Thank you.
You should post this kind of stuff on your YouTube channel
Learn Kali Linux
Install gentoo hardened.
Please do a video about Block-chain!
Correct horse battery staple! Yay!
This gonna help a lot... Thanks a lot
I love technology!
7:04 and what if an attacker compromises your fingers? :o
awww man.. now I have to change my pin.
I love this video and I love that lady teaching it everything about this is good
0:18 Legendary bike Favorit.
I updated everything I have access to, after this video.
As an IT major with a focus on Cybersecurity, this video is very informative and provides a good understanding of my career future
Good episode! Would be nice to hear an indictment of modern operating systems (especially windows) that were designed in pretty much the least secure way possible.
Very nice video! Thanks
Enrolling into school for this next year.
Good topic explanation
Wow what a video
Good video
BIBA!! I appreciated that
Great intro course.
Fantastic 🎉
Which is better, changing a 8 digit pin to a 10 digit pin, or allowing letters and symbols in your 8 character long pin.
Anyone else notice Malware from Ben 10 Omniverse? XD
I was wondering why that malware looked so familiar
Me
Moi aussi
NOTHING IS TOTALLY SAFE!!GOOD VIDEO!!😀😊
Learned a lot, thanks.
Only a couple of minutes in but isn't one of the biggest issues of cyberinsecurity rushed, or even panicked driven by greed and speed, implementation. Cyber security is a big issue because cyber *insecurity* is a big issue.
I JUST LEARNED HOW THIS CYBERSECURITY WORKS
Biometrics are not good authentication. Not only can fingerprints, retina patterns, etc., be duplicated, but computers only read 1's and 0's and the biometric readers are fairly simple in their conversion. It would be fairly simple to duplicate their output once the make and model of the reader is known... which is easily figured out if you can get the MAC address of the reader...
Awesome video !
interesting you explain with direct with pictures ... i need lesson computer science
Love these videos, puts me right to sleep
Is the kid in the sandbox one of the Green brothers doing a cameo?
Ross Parlette: John, I think.
*Searches infosec crash course* to cram for exam, sees 7hr Google one or this one - real head-scratcher.
thanks. Very useful
Thank you!
I'd love an episode on neural networks.
i like your video because it is my lesson , please explain more with use pictures exemples direct ...it is my lesson
This was really well done. Thanks!
She's a Trekkie, likes Star Wars, and cats. I think I'm in love
Would have been nice to go over capability-based security as an alternative to ACLs.
Thanks for the video
Why didn't you use the CISSP standard definitions for confidentiality, integrity, and availability? Integrity is less about the authorized person accessing the data, and more about the data itself being complete or whole.
Woah they got my exact pin. What are the chances?
PaJeezy Yeah. It was really weird to see my pin. I know I’m going to Bank of America next week. I just don’t have the time to go now.
About 1 in 10 thousand.
11:04
Worst case, the malware is expecting to be sandboxed and finds a way to escape it.
Yeah.
I love your video thank you
1:51 “...Who your enemy is”-a Russian keyboard appears on screen.